zeronetworks / rpcfirewallLinks
☆520Updated 2 months ago
Alternatives and similar repositories for rpcfirewall
Users that are interested in rpcfirewall are comparing it to the libraries listed below
Sorting:
- A centralized resource for previously documented WDAC bypass techniques☆572Updated 2 months ago
- Event Tracing For Windows (ETW) Resources☆393Updated 10 months ago
- A repository that maps commonly used attacks using MSRPC protocols to ATT&CK☆333Updated 2 years ago
- Detect and respond to Cobalt Strike beacons using ETW.☆505Updated 3 years ago
- Aims to identify sleeping beacons☆610Updated 7 months ago
- ☆252Updated last year
- Scan installed EDRs and AVs on Windows☆590Updated last month
- ☆500Updated last year
- ☆381Updated 2 years ago
- RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.☆283Updated last year
- Extracted Yara rules from Windows Defender mpavbase and mpasbase☆445Updated 3 months ago
- Sysmon EDR POC Build within Powershell to prove ability.☆226Updated 4 years ago
- An effort to track security vendors' use of Microsoft's Antimalware Scan Interface☆252Updated 3 years ago
- ☆416Updated 2 years ago
- Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for…☆488Updated 2 years ago
- A PowerShell armoury for security guys and girls☆473Updated last year
- ☆579Updated 2 months ago
- Cobalt Strike UDRL for memory scanner evasion.☆956Updated last year
- A C# utility for interacting with SCCM☆643Updated 10 months ago
- PoCs and tools for investigation of Windows process execution techniques☆932Updated last week
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs☆764Updated last year
- Active Directory delegation management tool☆315Updated 2 years ago
- A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…☆652Updated 2 years ago
- PowerShell script helping Incident Responders discover potential adversary persistence mechanisms.☆318Updated 3 months ago
- Sysmon-Like research tool for ETW☆358Updated 2 years ago
- ☆203Updated 9 months ago
- Sysmon configuration file template with default high-quality event tracing☆502Updated 3 weeks ago
- Project for identifying executables that have command-line options that can be obfuscated, possibly bypassing detection rules.☆177Updated 6 months ago
- ☆1,682Updated 11 months ago
- Cobalt Strike Beacon configuration extractor and parser.☆154Updated 3 years ago